[Dnsmasq-discuss] interface-name and IPv6 temporary addresses

Simon Kelley simon at thekelleys.org.uk
Wed Dec 17 12:43:50 GMT 2014


I just pushed changes to the git repo to implement this. Michael,
please could you see if it now behaves as you'd like?



On 01/12/14 18:49, Michael Gorbach wrote:
> On Nov 30, 2014, at 11:17 AM, Simon Kelley
> <simon at thekelleys.org.uk> wrote:
>> On 29/11/14 19:18, Michael Gorbach wrote:
>>> Hi All,
>>> I've got a question and potential enhancement request. It looks
>>> like right now, the (very useful) interface-name feature pulls
>>> all (global) addresses from the interface. One of my machines
>>> uses IPv6 privacy extensions (known in Linux as use_tempaddr),
>>> which means that in addition to link-local and permanent global
>>> addresses, it has a rotating cast of ~ 5 temporary addresses. I
>>> suggest that dnsmasq should detect those temporary addresses
>>> and not return them for queries that would otherwise hit
>>> interface-name. Returning them as it does now means > 5 AAAA
>>> records for a single name, which causes repeated confusion due
>>> to things like SSH warning about an unknown host because it has
>>> suddenly picked a previously-unknown temporary address to
>>> connect to. Thoughts?
>> Sounds like a sensible suggestion. This facility was added before
>> I was really familiar with IPv6 and all its extra complications.
>> Most of those 5 temporary addresses will be "deprecated" ie
>> hanging around for the use of existing connections, but not used
>> for new ones. They definitely shouldn't appear, but I'm pretty
>> convinced, unless anyone can come up with a good reason why not,
>> that all privacy addresses should be elided, without exception.
>> I wonder, though, if that's only true for forward (ie AAAA)
>> lookups. Should a reverse lookup on an old privacy address still
>> yield the name of the host it belongs to?
> Thanks, Simon. I’d agree that all the temporary addresses should be
> skipped in forward resolution. In terms of reverse, I’d say there’s
> a high amount of value in having at least the current temporary
> address resolve to the correct host name. Temporary addresses are
> often preferred for outbound connections, so if we don’t have
> reverse resolution here then for example SSH is going to complain
> that it can’t check reverse DNS. There’s probably some value in
> reverse resolution for deprecated temporary addresses, for example
> if you wanted to track down some client in your system logs from
> several days ago, but it’s significantly lower. If that’s a large
> amount of work, to me it’s something that wouldn’t be
> top-priority.
> Yours, ~ M.
>> Cheers,
>> Simon.

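The address selection discussed in this thread, as an added example (not dnsmasq's code and not part of the original messages): it reads lines in the Linux /proc/net/if_inet6 format and keeps temporary and deprecated addresses out of the forward (AAAA) set while still answering reverse lookups for the current temporary address. The function names, the reverse_deprecated switch and the sample lines are assumptions made for illustration.

```python
import ipaddress

# Flag bits from <linux/if_addr.h>, shown in hex in column 5 of /proc/net/if_inet6.
IFA_F_TEMPORARY = 0x01   # privacy-extension (use_tempaddr) address
IFA_F_DEPRECATED = 0x20  # kept for existing connections only
IFA_F_TENTATIVE = 0x40   # duplicate address detection not finished
SCOPE_GLOBAL = 0x00      # column 4; link-local is 0x20

# Constructed sample: address ifindex prefixlen scope flags device
SAMPLE = """\
fe80000000000000021122fffe334455 02 40 20 80 eth0
20010db800010000021122fffe334455 02 40 00 00 eth0
20010db800010000a1b2c3d4e5f60718 02 40 00 01 eth0
20010db8000100000f1e2d3c4b5a6978 02 40 00 21 eth0
00000000000000000000000000000001 01 80 10 80 lo
"""

def parse_if_inet6(text):
    """Yield (address, scope, flags, device) for each well-formed line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6 or len(fields[0]) != 32:
            continue
        addr = ipaddress.IPv6Address(bytes.fromhex(fields[0]))
        yield addr, int(fields[3], 16), int(fields[4], 16), fields[5]

def records_for(text, device, reverse_deprecated=False):
    """Return (forward, reverse): addresses to publish as AAAA / answer PTR for."""
    forward, reverse = [], []
    for addr, scope, flags, dev in parse_if_inet6(text):
        if dev != device or scope != SCOPE_GLOBAL or flags & IFA_F_TENTATIVE:
            continue
        deprecated = bool(flags & IFA_F_DEPRECATED)
        if not flags & IFA_F_TEMPORARY and not deprecated:
            forward.append(addr)   # stable addresses only
        if reverse_deprecated or not deprecated:
            reverse.append(addr)   # current temporary address still maps to the name
    return forward, reverse

if __name__ == "__main__":
    fwd, rev = records_for(SAMPLE, "eth0")
    print("AAAA:", [str(a) for a in fwd])
    print("PTR: ", [a.reverse_pointer for a in rev])
```

Setting reverse_deprecated=True also answers PTR queries for deprecated temporary addresses, which is the case Michael describes for tracing a client through older system logs.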
